From July on, Chrome will brand plain old HTTP as “Not secure”

Source: Ars Technica Security RSS

Feb 10, 2018

As more and more websites offer access over encrypted HTTPS, Chrome will soon brand any site served up over plain, unencrypted HTTP as "Not secure." Chrome 68, due for release in July, will start sticking the "Not secure" label in the address bar, as a counterpart to the "Secure" label and padlock icon that HTTPS sites get.

Google says that 81 of the top 100 sites on the Web default to HTTPS and that 68 percent of Chrome traffic on Android and Windows uses HTTPS. As such, non-secure HTTP is becoming the exception, not the rule, justifying the explicit call-out. While HTTPS once required expensive certificates, projects such as Let's Encrypt have made it easy to add HTTPS to just about any site at zero cost.